I’m going to dive right in with an anecdote: As is normal for anyone in systems administration, I’m busy at work. I’ve been short an employee for some time, and I brought in a managed service provider to do some work. This included a revamping of the network equipment and layout, as it has been growing organically rather than in a planned fashion.

I received the formal assessment from the provider a few weeks ago, and it mentioned that we were using a non-ICSA-certified firewall: pf, in the form of pfSense. This was accompanied by some rather drastic warnings about how open source was targeted by hackers! and implied that ICSA certification was a mark of quality rather than a purchasable certification. All bogus, of course.

The reason I’m starting this review with this little story is to note that while open source has become well-accepted for system and application software, there are still a lot of people who expect commercial hardware to be exclusively handling data once it leaves the server. That’s been valid for a long time, but software like pf represents a realistic option, or even an improvement, over many commercial and proprietary options. Since pf exists in one form or another on all the BSDs, it’s a tool you should be at least somewhat familiar with.

Peter N. M. Hansteen has written about pf first online, and then in printed form, for some time. The Book of PF is in its third edition, and that’s what I have to read. (Disclosure: No Starch Press gave me the book free, without requirements.)

The book is excellent, and easier to read than I expected for a book about network processing. It can be read in linear form, as it takes the reader from simple to more complex network layouts. It works as a reference book, too, as it focuses on different tools around pf and what they are used for.

It covers the different pf versions in OpenBSD, NetBSD, and FreeBSD, and DragonFly gets at least a partial mention in some portions of the book. For example, OpenBSD recently removed ALTQ, but the other BSDs still use it. With- and without-ALTQ scenarios are covered every place it applies. You’re going to get the most mileage out of an OpenBSD setup with it, though.

The parts where the book shines are the later chapters; the descriptions of greylisting and spamd, the traffic shaping notes, and the information on monitoring pf will be useful for most anyone. It’s quite readable; similar in tone to Peter’s blog. If you enjoy his in-depth online articles, the book will be a pleasant read.

NYCBUG is holding an OpenBSD Ports ‘class’ on August 6th (day after tomorrow). You can make a port of something you need, or work on something existing, hackathon style. See the announcement for details – you need to warn someone you are coming for building access.

Undeadly has a lot of articles written by recent OpenBSD Hackathon participants. Instead of linking to specific ones, I’ll just point you at the site. (undeadly.org can’t tag or search to a summary page.)

Normally I’d save this for the In Other BSDs weekend item, but the time horizon is too short: Theo de Raadt and Bob Beck are giving a last-minute LibreSSL talk tonight at the Calgary UNIX Users Group meeting at 5:30 PM. See www.cuug.ab.ca for the location.

OpenBSD has brought in OpenSSL – and is modifying it severely. Instead of linking to the many commits as they tear it into little bits, I’ll just link to this Lobste.rs post. Will it be OpenOpenSSL? It looks like it’s for internal consumption only. Undeadly has a similar summation. Apparently there’s a running blog of the changes, or at least the snarky comments.

Have you never been to BSDCan? Dan Langille asks the question. As he points out, BSD conventions are awesome, where you get to meet some smart people and put names to faces.

You may have seen that Facebook bought WhatsApp for $19B; take a look at the graph here to see that WhatsApp has more than double the user count of Facebook, and then look at these two posts on NYCBUG talk noting that WhatsApp uses FreeBSD to serve all those people.

DiscoverBSD has an interview of Kent Riboe, maintainer of BSDEater.org, which appears to be a BSD RSS feed aggregator. I find the last sentence problematic: “…people shouldn’t need to read first half on one site and then click it to read the following part somewhere else.” I’d like people to read my words on my site, at some point, especially given that 75% of the text on bsdeater.org appears to be me.

The OpenBSD Project (Foundation?) needs to pay a large electrical bill for their hosting location. I had mentioned this in a weekend BSD report just before the end of 2013, but the problem is still there and deserves a special mention. It’s possible to contribute directly, or to the I-assume-nonprofit-so-tax-deductible-for-many-people OpenBSD Foundation. You can set up a low but reoccurring PayPal payment for the Foundation, which would probably be unnoticeable for you but very helpful for the organization.

Even if you aren’t booting OpenBSD on anything, you’re using a technology that came out of that project – OpenSSH, pf, your dhcpclient, etc; or using 3rd-party software that received fixes from OpenBSD work. Putting dollars towards this software development is one of the more effective things you can do with your money to help open source.

For those of you near the NYC area, there’s a NYCBUG meeting tonight at 7 Eastern, with Brian Callahan giving a security-focused crash course in OpenBSD. Tickets for NYCBSDCon 2014, happening on February 8th, are going to be available there for the first time, starting at 6 PM. (and cheaper if you buy in person, too.)

I had a sometimes-great, sometimes-difficult trip to New York City over the past few days, and while I was there, I met the ball of energy that is George Rosamond of NYCBUG (which is having a huge party right now.) He and I talked for a bit about various aspects of the BSD ecosystem, and one thing he noted was that people aren’t generally aware of all the licenses in use for the different software packages on the system, or even the individual licenses in the system files.

There is an ACCEPTABLE_LICENSES setting in pkgsrc, where software licensed under terms not in that list won’t install. That’s useful, but frustrating, because it keeps people from getting what they asked for – a software install. Something that would be useful – and it could be cross-BSD very easily – would be a license audit summary.

There’s meta-data on every package in FreeBSD’s ports and DragonFly’s dports and pkgsrc and OpenBSD’s port system. Why not say ‘pkg licenses’ in the same way you can say ‘pkg info’, and get a summary of the licenses you have installed in the system? (or pkg_licenses, etc. You get the idea) This wouldn’t prevent people from installing software, but it would give a very quick view of what you were using.

I’m working my way up to more than just links to source for the cross-BSD news. There’s a lot to swim through!

NYCBSDCon 2014 (on February 8, 2014 – note the recent change) is, in addition to the normal call for papers, having a ‘call for exposés’, meaning they want people to expose BSD projects. I found this out through the undeadly.org description noting that some MIPS machines will be on display. This is an excellent idea; BSD projects need a showcase.

The pfSense blog is called “The pfSense Digest”. Digest… hey, that sounds like a good, descriptive term! They also are looking to hire. I just used some of my paid pfSense support time on a work problem – well worth the money spent.